Hi IPS Expert,I found an enabled signature but not listed in Active Sigatures.I found that Retired field is shown "Low Memory Retired" ( see image)My understanding is that it will only be retired if Low Memory is being experienced but I dont think we...
Hi IPS Expert,Our IPS is still set as signature based and anomaly detection is not enabled. Is there a guideline that you can recommend to address to stop/prevent attack with no signature or disabled signature.I understand that if the signature is no...
Hi IPS Expert,I am managing and monitoring IPS using IPS Manager Express installed on my workstation.I replace my workstation a week ago and reinstall IME.I noticed that i can no longer retrieve old events.1. Are the old events stored on the first ma...
Hi Cisco IPS Expert,I am seeing event in our IPS that shows victim IP is 0.0.0.0.Some informed that this is a summarized event.But how can I get details of victim IP if i need to know .Regards,Jhun
Thanks Bob,This is very informative.This means that I will need to rely on CISCO's evaluation of signature.I am just worried that if there are attack without signature yet something like a zero day, we really want to know what will be the better app...
Thank you for the response karsten. This is very helpful. I have further inquiry. Noticed that after going through the archiving event options, we can schedule the archiving at maximum 24 hours interval. a. Where will the archived data stored and?b....
Thanks for the reply.1. Do we have retention period of events?2. If yes, where can we view or set the retention period?3. Is the retention period only applicable on the machine where the IME is installed?-Jhun
Hi Bob,Thank you for your reponse. I did as instructed. Just waiting for the next even to occur.So this means I can no longer see the IP details of the victim IP on the previous events.?Please confirm as well that 0.0.0.0 IP is due to summarization ...
